With fraudsters recently targeting Whatsapp, Facebook, and even Google Play, it seems that mobile phishing scams are on the rise. Here’s a recap of the latest tricks, the threat to enterprise and what to avoid if you don’t want your business to fall victim.
Attempts at compromising user email accounts through phishing exploits has sadly become a part of everyday life. Anyone with an email address can attempt a phishing attack. Little surprise then that more private and corporate accounts are being targeted.
Scammers typically use social engineering techniques to impersonate an individual or company. The idea is to trick victims into revealing private or sensitive information so they can use it to their own advantage.
While many phishing scams target email accounts, the phenomenon has spread to social media sites and applications over the past year. LinkedIn, for instance, was targeted back in 2015 when it was discovered hackers could inject hurtful comments into a member’s thread.
The WhatsApp video calling invite you need to avoid
WhatsApp is the world’s leading messaging platform and scammers have been taking advantage of the launch to try new scams.
Many WhatsApp users have been targeted by a scam that invites them to download the new video calling service.
The fake invitation leads unsuspecting users to a site called “Whatappvideostart”. Once activated it compromises the security of their smartphone, disclosing account information and passwords to the attackers.
It even leaves the user’s handset open to automatic malware installation.
Scammers rely on the fact that people are most likely to trust a message if it comes from one of their known contacts or from a company whose services they’re using.
In order to avoid this specific scam, update your app from the official WhatsApp site. Check to see if you’ve gained access to the latest WhatsApp version that includes the ability to make video calls.
No more than a phishing scam
The video calling scam is not the only trick to target Whatsapp users at the moment.
During the holiday season, users tend to be more prone to letting their guard down. Another new scam, which offers users free flights with the well known Emirates airline, takes full advantage of this. The URL even seems to point to their official website.
In fact the scam takes the user to a fake survey. After completion it tells them they have won two free tickets that can be claimed once they’ve shared the link with 10 other contacts on WhatsApp.
The user is then redirected to a new domain for one last step. It asks them to sign up with their phone number to receive priority messages.
With all steps completed, they are finally directed to the initial domain which notifies them that they haven’t won anything.
The best advice against such scams is if it sounds too good to be true then it probably is someone reliable like a friend. The best way to double check things are legit is to contact the company behind the supposed offer.
Don’t always trust your so-called friends
WhatsApp is not alone in being targeted.
Facebook suffered from a threat this July, which claimed a new victim every 20 seconds.
Cyber attackers sent messages purporting to be from “friends” who had mentioned them in comments posted on the social network. When opened, the messages gave hackers the ability to change device privacy settings, steal data, and spread the infection via the victim’s Facebook friends.
An estimated 10,000 Facebook accounts were infected in South America, Europe, Tunisia, and Israel, with the majority of incidents occurring in Brazil.
Victims were advised to run a malware scan or to logout of Facebook, close the browser and, where relevant, to disconnect the network cable from their computer.
Another application to suffer from a serious attack this year was Google Play. In April it was discovered that 11 apps hosted on the site were created by hackers. These apps behave like any other phishing scam — they point to fake websites that resemble the pages of legitimate sites.
The difference is, when you enter your username and password, that information is handed right over to the attackers.
Phishing scammers also targeted this year’s Olympic games aiming their scams at fans and brands. In fact, 15 percent of Olympics-related accounts were found to be fraudulent, and 84 percent of those were impostor accounts.
Many featured illegal live-streaming, phishing, unauthorized ticket sales, and anti-Olympics propaganda.
Employees and businesses are one of the main targets
The indiscriminate nature of phishing attacks means that consumer and business users are targeted.
Businesses of all sizes and their employees were targeted 55 percent more in 2015 than in the year before. In fact, a large business that is attacked once is statistically likely to experience repeat attacks — up to three more times throughout the year.
Every business is a potential target for scams, either via email or via social networks. So watch yourselves!
This post is part of our contributor series. The views expressed are the author's own and not necessarily shared by TNW.